.\" Copyright (C) 2005 International Business Machines Corporation
.\"
.de Sh \" Subsection
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Ip \" List item
.br
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.TH "tpmtoken_protect" 1 "2005-04-25"  "TPM Management"
.ce 1
TPM Management - tpmtoken_protect
.SH NAME
tpmtoken_protect \- encrypt or decrypt data using a symmetric key stored
in the user's TPM PKCS#11 data store
.SH "SYNOPSIS"
.ad l
.hy 0
.B tpmtoken_protect
[ OPTION ]

.SH "DESCRIPTION"
.PP
\fBtpmtoken_protect\fR encrypts or decrypts data using a symmetric key that
is stored in the user's data store.  The key used to protect the data
is a 256-bit AES key stored as a private Secret Key PKCS#11 object.  The object
has the PKCS#11 label attribute \(aqUser Data Protection Key\(aq.
The key is generated by the TPM PKCS#11 implementation the first time it is
needed.  Since it is generated as a private object, it is protected by the
TPM on the platform.
.PP
This command requires both the \fB\-i\fR and \fB\-o\fR options to be specified.

.TP
\fB\-h\fR, \fB\-\-help\fR
Display command usage info.
.TP
\fB\-v\fR, \fB\-\-version\fR
Display command version info.
.TP
\fB\-l\fR, \fB\-\-log\fR [none|error|info|debug]
Set logging level.
.TP
\fB\-d\fR, \fB\-\-decrypt\fR
Perform a decryption operation.
.TP
\fB\-e\fR, \fB\-\-encrypt\fR
Perform an encryption operation.
.TP
\fB\-i\fR, \fB\-\-infile\fR FILE
Use FILE as the input to the specified operation.
.TP
\fB\-k\fR, \fB\-\-token\fR STRING
Use STRING to identify the label of the PKCS#11 token to be used.
.TP
\fB\-o\fR, \fB\-\-outfile\fR FILE
Use FILE as the output of the specified operation.
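
.SH "EXAMPLES"
.PP
The shell functions below are an added example, not part of tpm-tools; they use
only the \fB\-e\fR, \fB\-d\fR, \fB\-i\fR and \fB\-o\fR options described above,
and the names \fBprotect_file\fR and \fBseal_file\fR are hypothetical.
\fBseal_file\fR removes the plaintext only after the ciphertext has been
decrypted again and compared with it.
.PP
.nf
```shell
# Added example: hypothetical helper functions, not shipped with tpm-tools.
# Only the documented -e, -d, -i and -o options are used.

# protect_file MODE IN OUT   (MODE is "encrypt" or "decrypt")
protect_file() {
    pf_in=$2 pf_out=$3
    case $1 in
        encrypt) pf_flag=-e ;;
        decrypt) pf_flag=-d ;;
        *) echo "mode must be encrypt or decrypt" >&2; return 2 ;;
    esac
    # -i and -o are both required, so reject empty names up front.
    [ -n "$pf_in" ] && [ -n "$pf_out" ] || { echo "need IN and OUT" >&2; return 2; }
    [ -r "$pf_in" ] || { echo "cannot read $pf_in" >&2; return 2; }
    # Plain string comparison: stops the output replacing the input.
    [ "$pf_in" != "$pf_out" ] || { echo "IN and OUT must differ" >&2; return 2; }
    # The subshell keeps the umask change local; new files get no
    # group or other permissions.
    ( umask 077 && tpmtoken_protect "$pf_flag" -i "$pf_in" -o "$pf_out" )
}

# seal_file SRC DST: encrypt SRC to DST, decrypt DST into a private
# temporary directory and compare the result with SRC.
# SRC is removed only when the round trip matches.
seal_file() {
    sf_src=$1 sf_dst=$2
    protect_file encrypt "$sf_src" "$sf_dst" || return 1
    sf_tmp=$(mktemp -d) || return 1
    if protect_file decrypt "$sf_dst" "$sf_tmp/check" &&
       cmp -s "$sf_src" "$sf_tmp/check"; then
        rm -rf "$sf_tmp"
        rm -f "$sf_src"
        return 0
    fi
    rm -rf "$sf_tmp"
    echo "round trip failed, keeping $sf_src" >&2
    return 1
}
```
.fi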

.SH "SEE ALSO"
.PP
\fBtpmtoken_init\fR(1),
\fBtpmtoken_import\fR(1),
\fBtpmtoken_setpasswd\fR(1),
\fBtpmtoken_objects\fR(1)

.SH "REPORTING BUGS"
Report bugs to <trousers-users@lists.sourceforge.net>
